CVE-2017-11561
MEDIUMZOHO ManageEngine OpManager <12.2 - Command Injection
Title source: llmDescription
An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
http://manageengine.com
Exploit, Third Party Advisory x_refsource_misc
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736
Product x_refsource_misc
http://opmanager.com
Scores
CVSS v3
6.5
EPSS
0.0080
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-434
Status
published
Products (1)
zohocorp/manageengine_opmanager
12.2
Published
May 23, 2019
Tracked Since
Feb 18, 2026